]>
Commit | Line | Data |
---|---|---|
3bd189cb JR |
1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> |
2 | <HTML> | |
3 | <HEAD> | |
4 | <TITLE> [IRCServices] Bug in mode locked keys in 5.0.6 | |
5 | </TITLE> | |
6 | <LINK REL="Index" HREF="index.html" > | |
7 | <LINK REL="made" HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Bug%20in%20mode%20locked%20keys%20in%205.0.6&In-Reply-To="> | |
8 | <META NAME="robots" CONTENT="index,nofollow"> | |
9 | <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> | |
10 | <LINK REL="Previous" HREF="003427.html"> | |
11 | <LINK REL="Next" HREF="003433.html"> | |
12 | </HEAD> | |
13 | <BODY BGCOLOR="#ffffff"> | |
14 | <H1>[IRCServices] Bug in mode locked keys in 5.0.6</H1> | |
15 | <B>Craig Edwards</B> | |
16 | <A HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Bug%20in%20mode%20locked%20keys%20in%205.0.6&In-Reply-To=" | |
17 | TITLE="[IRCServices] Bug in mode locked keys in 5.0.6">brain at brainbox.winbot.co.uk | |
18 | </A><BR> | |
19 | <I>Tue Dec 31 23:23:00 PST 2002</I> | |
20 | <P><UL> | |
21 | <LI>Previous message: <A HREF="003427.html">[IRCServices] mailing list issues | |
22 | </A></li> | |
23 | <LI>Next message: <A HREF="003433.html">[IRCServices] Question about TR-IRCD | |
24 | </A></li> | |
25 | <LI> <B>Messages sorted by:</B> | |
26 | <a href="date.html#3432">[ date ]</a> | |
27 | <a href="thread.html#3432">[ thread ]</a> | |
28 | <a href="subject.html#3432">[ subject ]</a> | |
29 | <a href="author.html#3432">[ author ]</a> | |
30 | </LI> | |
31 | </UL> | |
32 | <HR> | |
33 | <!--beginarticle--> | |
34 | <PRE>So no way to fix this? it's an effective way to steal a channels key if the channel is not regularly used... | |
35 | how about an option to put a pseudoclient into channels to hold their mode locks? | |
36 | ||
37 | Right now we're just advising our users avoid keys and stick to +i and access lists as it is much more secure. | |
38 | ||
39 | ><i>On Friday, Dec 27, 2002, at 18:25 US/Pacific, Craig Edwards wrote: | |
40 | </I>><i> | |
41 | </I>>><i> We've just discovered a bug in ircservices 5.0.6 where a channel can | |
42 | </I>>><i> be joined which has a key modelocked, and not only does it allow the | |
43 | </I>>><i> client to enter, it also shows them the key, if the room is empty. | |
44 | </I>>><i> In the following test, the channel is registered with the mode lock | |
45 | </I>>><i> "+ntk mykey", and is empty. Guest2088478498 is not on any access | |
46 | </I>>><i> lists for the channel. | |
47 | </I>>><i> | |
48 | </I>>><i> *** services.chatspike.net changes topic to '(ChanServ)' | |
49 | </I>>><i> *** ChanServ sets mode: +ntrk-o mykey Guest2088478498 | |
50 | </I>><i> | |
51 | </I>>><i> A little discussion led us to think that a good fix for this would | |
52 | </I>>><i> be to treat keyed channels in the same way as +O channels, unless | |
53 | </I>>><i> the correct key is supplied in the JOIN raw, if +k is mode locked, | |
54 | </I>>><i> kick out the user before the locked modes and topic are set by | |
55 | </I>>><i> chanserv/services.* | |
56 | </I>><i> | |
57 | </I>><i>The key in the join command is not passed to other servers, so | |
58 | </I>><i>services would never receive it. | |
59 | </I>><i> | |
60 | </I>><i>-- Quension | |
61 | </I>><i> | |
62 | </I>><i>------------------------------------------------------------------ | |
63 | </I>><i>To unsubscribe or change your subscription options, visit: | |
64 | </I>><i><A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices">http://www.ircservices.za.net/mailman/listinfo/ircservices</A> | |
65 | </I> | |
66 | ||
67 | ||
68 | </PRE> | |
69 | ||
70 | <!--endarticle--> | |
71 | <HR> | |
72 | <P><UL> | |
73 | <!--threads--> | |
74 | <LI>Previous message: <A HREF="003427.html">[IRCServices] mailing list issues | |
75 | </A></li> | |
76 | <LI>Next message: <A HREF="003433.html">[IRCServices] Question about TR-IRCD | |
77 | </A></li> | |
78 | <LI> <B>Messages sorted by:</B> | |
79 | <a href="date.html#3432">[ date ]</a> | |
80 | <a href="thread.html#3432">[ thread ]</a> | |
81 | <a href="subject.html#3432">[ subject ]</a> | |
82 | <a href="author.html#3432">[ author ]</a> | |
83 | </LI> | |
84 | </UL> | |
85 | ||
86 | </body></html> |